| From: | Zhihong Yu <zyu(at)yugabyte(dot)com> |
|---|---|
| To: | PostgreSQL Developers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | redacting password in SQL statement in server log |
| Date: | 2022-07-23 23:44:58 |
| Message-ID: | CALNJ-vRdBH3Kp08hzgy8P28bAZcQUQXBFPD-1dRfnvE3aQB3dA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
Currently, in situation such as duplicate role creation, the server log
would show something such as the following:
2022-07-22 13:48:18.251 UTC [330] STATEMENT: CREATE ROLE test WITH LOGIN
PASSWORD 'foobar';
The password itself should be redacted before logging the statement.
Here is sample output with the patch applied:
2022-07-23 23:28:20.359 UTC [16850] ERROR: role "test" already exists
2022-07-23 23:28:20.359 UTC [16850] STATEMENT: CREATE ROLE test WITH LOGIN
PASSWORD
Please take a look at the short patch.
I know variables should be declared at the start of the func - I can do
that once the approach is confirmed.
Cheers
| Attachment | Content-Type | Size |
|---|---|---|
| redact-password-in-log.patch | application/octet-stream | 777 bytes |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2022-07-24 00:23:06 | Re: Cleaning up historical portability baggage |
| Previous Message | Thomas Munro | 2022-07-23 23:24:26 | Re: Cleaning up historical portability baggage |